Anti-forensics tools and skills to thwart investigators are emerging in the underground hacker scene. One example is a class of programs called the Loadable Kernel Modules (LKM) which, if used by hackers, can hide data even from forensics experts. LKMs are files that contain components that can run dynamically. Normally, LKMs are used to load hardware drivers. Hackers can create LKM rootkits that can access the kernel directly, while hiding processes, connections, directories and files without modifying the binaries of any program. A rootkit is a collection of programs that a hacker uses to mask intrusion and get access to a computer. While most hackers’ rootkits activities can be detected by methods such as doing MD5 checksums, if LKM rootkits are used, any checksum methods become useless as no files would have been modified. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.